Amazon Prime users beware. There’s a scam out there and it’s direct right at you. According to Tech Radar, “The scammers target victims via an automated telephone call claiming that they have opened an Amazon Prime account and that they should ‘press one’ to cancel the transaction. However, doing so will connect the call to a fraudster posing as an Amazon customer service representative.
Continuing, “The scammer informs the recipient of the call that their subscription was purchased fraudulently due to a supposed ‘security flaw’ on the targeted person’s computer. The bogus Amazon representative then asks for remote access to the recipient’s computer.” We can only imagine what happens from there.
Breach in Lake Charles, LA Church
Apparently, hackers aren’t worried about having to deal with the wrath of god. How else can you interpret them targeting church goers?
Posing as a priest in Lake Charles, LA, hackers sent a text to church goers that read, “I want you to get some gift cards for some patients.” Supposedly this happened to four or five priests in the area. Better pray for the hackers, they’re going to need it.
You have to tip your hat to hackers that deploy the latest technology to do their job. This week’s acknowledgement goes to a Chinese drone app creator.
From SC Magazine, “An Android application that controls a drone manufactured by China-based Da Jiang Innovations (DJI) contains a self-update feature that bypasses the Google Play Store, thus creating the ability for the app to transmit sensitive personal information to DJI’s servers or possibly the Chinese government. DJI’s drones have become so controversial that both the DOD and U.S. Interior Department have stopped using them with DOD issuing an outright ban.” Watch out for drones and the app that control them.
People consider their DNA to be pretty important and something that should probably be kept private. So, it could not come as good news that a breach this week exposed the DNA of a million people.
From Security Week, “A genealogy website used to catch one of California’s most wanted serial killers remained shut down Thursday after a security breach exposed the DNA profiles of more than a million people to law enforcement agencies. GEDmatch said in a message emailed to members and posted Wednesday on its Facebook page that on Sunday a sophisticated attack on their servers through an existing user account made the DNA profiles of its members available for police to search for about three hours.” Not good.
Did you know that there’s a cash advance service called Dave? Well, apparently there is and the hacking group ShinyHunters knew it too because they successfully exfiltrated data from more than 7.5 million of their users.
From SC Magazine, “The stolen information included personal user information including names, emails, birth dates, physical addresses and phone numbers, but not bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers.” Heck, with all the stolen information you can create your own Social Security numbers for the victims. Not good.
University of Utah Breach
It’s been a while since we reported on a healthcare data breach. The good luck was bound to run out sooner or later.
From the HIPAA Journal, “The University of Utah has experienced a phishing attack that has potentially involved the protected health information of up to 10,000 patients. This is the 4th data breach to be reported to the Department of Health and Human Services by the University of Utah in 2020. All four incidents are listed as hacking/IT incidents involving email and without any email security services.” Sounds like the University of Utah needs to up their cybersecurity game.
And that’s the week that was.